Scanning Networks - p.12

Lab 11

Auditing Scanning by using Global Network Inventory

Global Network Inventory is used as an audit scanner in zero deployment and agent-free environments. It scans conrptiters by IP range, domain, con/p!iters or single computers, defined by the Global Network Inventory host fie.

Lab Scenario

With the development o f network technologies and applications, network attacks are greatly increasing both in number and severity. Attackers always look for se rv ic e vulnerabilities and application vulnerabilities on a network or servers. If an attacker finds a flaw or loophole in a service run over the Internet, the attacker will immediately use that to compromise the entire system and other data found, thus he or she can compromise other systems on the network. Similarly, if the attacker finds a workstation with administrative privileges with faults in that workstation’s applications, they can execute an arbitrary code or  implant viruses to intensify the damage to the network. As a key technique in network security domain, intrusion detection systems (IDSes) play a vital role of detecting various kinds o f attacks and secure the networks. So, as an administrator you shoiild make sure that services do not run as the root user, and should be cautious of patches and updates for applications from vendors or security organizations such as CERT and CVE. Safeguards can be implemented so that email client software does not automatically open or execute attachments. in this lab, you will learn how networks are scanned using the Global Network Inventory tool.

Lab Objectives

This lab will show you how networks can be scanned and how to use Global Network Inventory. It will teach you how to:

■ Use the Global Network Inventory tool

Lab Environment

To cany out die lab, you need:

■ Global Network Inventory tool located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Scanning Tools\Global Network Inventory Scanner
■ You can also download the latest version of Global Network Inventory from this link
http://www.magnetosoft.com/products/global network inventory/gn i features.htm/
■ I f you decide to download the latest version, then s c r e en sh o ts shown in the lab might differ
■ A computer running Windows Server 2012 as attacker (host machine)
■ Another computer running Window Server 2008 as victim (virtual machine)
■ A web browser with Internet access
■ Follow die wizard-driven installation steps to install Global Network Inventory
■ Administrative privileges to run tools

Lab Duration

Time: 20 Minutes

Overview of Global Network Inventory

Global Network Inventory is one of die de facto tools for security auditing and testing of firewalls and networks, it is also used to exploit Idle Scanning.

Lab Tasks

1. Launch the Start menu by hovering die mouse cursor in the lower-left corner of die desktop

FIGURE 11.1: Windows Server 2012 - Desktop view

2. Click die Global Network Inventory app to open die Global Network Inventory window.

FIGURE 112: Windows Server 2012 - Apps

3. The Global Network Inventory Main window appears as shown in die following figure.
4. The Tip of Day window also appears; click Close.

FIGURE 11.3 Global Network Inventory Maui Window

5. Turn 011 Windows Server 2008 virtual machine from Hyper-V Manager.

FIGURE 11.4: Windows 2008 Virtual Machine

6. Now switch back to Windows Server 2012 machine, and a new Audit Wizard window will appear. Click Next (01־ in die toolbar select Scan tab and click Launch audit wizard).

FIGURE 11.5: Global Network Inventory new audit wizard

7. Select IP range scan and dien click Next in die Audit Scan Mode wizard.

FIGURE 11.6: Global Network Inventory Audit Scan Mode

8. Set ail IP range scanand then click Next in die IP Range Scan wizard.

9. 111 die Authentication Settings wizard, select Connect a s and fill the respected credentials of your Windows Server 2008 Virtual Machine, and click Next.

FIGURE 11.8 Global Network Inventory Authentication settings

10. Live die settings as default and click Finish to complete die wizard.

FIGURE 11.9: Global Network Inventory final Audit wizard

11. It displays die Scanning progress in die Scan progress window.

FIGURE 11.10: Global Network Inventory Scanning Progress

12. After completion, scanning results can be viewed as shown in the following figure.

FIGURE 11.11: Global Network Inventory result window

13. Now select Windows Server 2008 machine from view results to view individual results.

FIGURE 11.12 Global Network Inventory Individual machine results

14. The Scan Summary section gives you a brief summary of die machines diat have been scanned

FIGURE 11.13: Global Inventory Scan Summary tab

15. The Bios section gives details of Bios settings.

FIGURE 11.14: Global Network Inventory Bios summary tab

16. The Memory tab summarizes die memory in your scanned machine.

FIGURE 11.15: Global Network Inventory Memory tab

17. In die NetBIOS section, complete details can be viewed.

FIGURE 11:16: Global Network Inventory NetBIOS tab

18. The User Groups tab shows user account details with die work group.

FIGURE 11.17: Global Network Inventory User groups section

19. The Logged on tab shows detailed logged on details of die machine

FIGURE 11.18: Global Network Inventory Lowed on Section

20. Tlie Port connectors section shows ports connected in die network

FIGURE 11.19; Global Network Inventory Port connectors tab

21. Tlie Service section give die details o f die services installed in die machine.

FIGURE 11J20: Global Network Inventory Services Section

22. The Network Adapters section shows die Adapter IP and Adapter type

FIGURE 11.21: Global Network Inventory Network Adapter tab

Lab Analysis
Document all die IP addresses, open ports and miming applications, and protocols you discovered during die lab.

Questions

1. Can Global Network Inventory audit remote computers and network appliances, and if yes, how?
2. How can you export the Global Network agent to a shared network directory?